2021-01-02 04:56:15 +00:00
|
|
|
id: CVE-2020-16952
|
2020-10-14 08:49:48 +00:00
|
|
|
|
|
|
|
|
info:
|
2020-10-15 10:27:52 +00:00
|
|
|
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
|
2020-10-14 08:49:48 +00:00
|
|
|
author: dwisiswant0
|
|
|
|
|
severity: critical
|
|
|
|
|
|
|
|
|
|
# This template supports the detection part only. See references[2].
|
|
|
|
|
# References:
|
|
|
|
|
# - [1] Patch: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16952
|
|
|
|
|
# - [2] https://srcincite.io/pocs/cve-2020-16952.py.txt
|
|
|
|
|
# - [3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
|
2020-10-15 10:27:52 +00:00
|
|
|
# - [4] https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
|
2020-10-14 08:49:48 +00:00
|
|
|
|
|
|
|
|
requests:
|
2020-10-15 10:27:52 +00:00
|
|
|
- method: GET
|
2020-10-14 08:49:48 +00:00
|
|
|
path:
|
2020-10-15 10:27:52 +00:00
|
|
|
- "{{BaseURL}}/"
|
2020-10-14 08:49:48 +00:00
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
2020-10-15 10:27:52 +00:00
|
|
|
- type: regex
|
|
|
|
|
regex:
|
2020-10-15 11:21:25 +00:00
|
|
|
- "15\\.0\\.0\\.(4571|5275|4351|5056)"
|
|
|
|
|
- "16\\.0\\.0\\.(10337|10364|10366)"
|
2020-10-15 10:27:52 +00:00
|
|
|
# - "16.0.10364.20001"
|
|
|
|
|
condition: or
|
|
|
|
|
part: body
|
2020-10-14 08:49:48 +00:00
|
|
|
- type: word
|
|
|
|
|
words:
|
2020-10-15 10:27:52 +00:00
|
|
|
- "MicrosoftSharePointTeamServices"
|
|
|
|
|
part: header
|
2020-10-14 08:49:48 +00:00
|
|
|
- type: status
|
|
|
|
|
status:
|
2020-10-15 10:27:52 +00:00
|
|
|
- 200
|
|
|
|
|
- 201
|
|
|
|
|
condition: or
|
